Welcome to Splunk Answers, a Q&A forum for users to find answers to questions about deploying, managing, and using Splunk products. Contributors of all backgrounds and levels of expertise come here to find solutions to their issues, and to help other users in the Splunk community with their own questions.

This quick tutorial will help you get started with key features to help you find the answers you need. You will receive 10 karma points upon successful completion!

Refine your search:

Conditional alerting examples?

1

I'm trying to set up a conditional alert where if there are less than 50 results but greater than 0 results, I want to be alerted. It seems straightforward but I can't figure out the syntax of the condition to use. The following does not work, for example: